From 270ed434d4dc8a44862b38715b826f63943bfcb0 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Tue, 21 Sep 2021 17:39:14 +0200
Subject: [PATCH] Deprecate the escapeString() helper (#4506)

Developers are strongly encouraged to use prepared statements. If this is not possible for compatibility reasons, they should use the `->escapeString()` method directly. Deprecating the helper ultimately allows cleaning up core.functions.php which has become a dumping ground for all type of stuff over time.

Co-authored-by: Alexander Ebert
---
 wcfsetup/install/files/lib/core.functions.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/wcfsetup/install/files/lib/core.functions.php b/wcfsetup/install/files/lib/core.functions.php
index f98bb53f37..9212eed50e 100644
--- a/wcfsetup/install/files/lib/core.functions.php
+++ b/wcfsetup/install/files/lib/core.functions.php
@@ -18,11 +18,7 @@ namespace {
 spl_autoload_register([WCF::class, 'autoload']);
 
 /**
- * Escapes a string for use in sql query.
- *
- * @see \wcf\system\database\Database::escapeString()
- * @param string $string
- * @return string
+ * @deprecated 5.5 Use prepared statements if possible. Directly call WCF::getDB()->escapeString() if prepared statements cannot be used.
 */
 function escapeString($string) {
 return WCF::getDB()->escapeString($string);
--
2.20.1
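Review bot: The rewritten docblock keeps only the `@deprecated` tag, so the summary line, `@param string $string`, `@return string` and the `@see \wcf\system\database\Database::escapeString()` link are gone even though the function is still callable. I would keep those tags and put the new `@deprecated 5.5 …` line beneath them, so IDEs and static analysis still show the contract and where the replacement lives. The deprecation is documentation-only, so existing callers that concatenate the return value into SQL get no signal at runtime. A search for remaining global `escapeString(` call sites, third-party packages included, would show where prepared statements are still missing. The body of `escapeString()` closes outside this hunk.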